krb5 commit [krb5-1.11]: Regenerate checked-in man pages

Tom Yu tlyu at MIT.EDU
Wed Dec 12 16:20:50 EST 2012 

https://github.com/krb5/krb5/commit/335bcae978857b0f0a0529a2f28c7e8ea1ba2e56
commit 335bcae978857b0f0a0529a2f28c7e8ea1ba2e56
Author: Ben Kaduk <kaduk at mit.edu>
Date:   Tue Dec 11 17:19:44 2012 -0500

    Regenerate checked-in man pages
    
    Pick up changes to kadmin.rst and krb5_conf.rst adding cross-references
    for account lockout and detailing parameter expansion for keytab
    and credentials cache names in krb5.conf
    
    (cherry picked from commit 26481ee22377a46badbbf4bbdd8ae04265057205)
    
    ticket: 7494
    version_fixed: 1.11
    status: resolved

 src/man/kadmin.man    |   21 ++++++++++++++++-----
 src/man/krb5.conf.man |    5 +++--
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index 783e8ec..d45a9fc 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -628,23 +628,34 @@ numbers, punctuation, and whitespace/unprintable characters.
 .B \fB\-history\fP \fInumber\fP
 Sets the number of past keys kept for a principal.  This option is
 not supported with the LDAP KDC database module.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \fB\-maxfailure\fP \fImaxnumber\fP
-Sets the maximum number of authentication failures before the
-principal is locked.  Authentication failures are only tracked for
-principals which require preauthentication.
+Sets the number of authentication failures before the principal is
+locked.  Authentication failures are only tracked for principals
+which require preauthentication.  The counter of failed attempts
+resets to 0 after a successful attempt to authenticate.  A
+\fImaxnumber\fP value of 0 (the default) disables lockout.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \fB\-failurecountinterval\fP \fIfailuretime\fP
 (\fIgetdate\fP string) Sets the allowable time between
 authentication failures.  If an authentication failure happens
 after \fIfailuretime\fP has elapsed since the previous failure,
-the number of authentication failures is reset to 1.
+the number of authentication failures is reset to 1.  A
+\fIfailuretime\fP value of 0 (the default) means forever.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \fB\-lockoutduration\fP \fIlockouttime\fP
 (\fIgetdate\fP string) Sets the duration for which the principal
 is locked from authenticating if too many authentication failures
 occur without the specified failure count interval elapsing.
-A duration of 0 means forever.
+A duration of 0 (the default) means the principal remains locked
+out until it is administratively unlocked with \fBmodprinc
+\-unlock\fP.
 .TP
 .B \fB\-allowedkeysalts\fP
 Specifies the key/salt tuples supported for long\-term keys when
diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
index d0fe17f..39330e1 100644
--- a/src/man/krb5.conf.man
+++ b/src/man/krb5.conf.man
@@ -1146,8 +1146,9 @@ The default is false.
 .UNINDENT
 .SH PARAMETER EXPANSION
 .sp
-Several variables, such as \fBdefault_keytab_name\fP, allow parameters
-to be expanded.  Valid parameters are:
+Starting with release 1.11, several variables, such as
+\fBdefault_keytab_name\fP, allow parameters to be expanded.
+Valid parameters are:
 .INDENT 0.0
 .INDENT 3.5
 .TS

More information about the cvs-krb5 mailing list